153
this post was submitted on 04 Jul 2024
153 points (88.1% liked)
Technology
60123 readers
5102 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
From noplace's FAQs: *
Emphasis mine. Now their privacy policy: *
So, it looks like they're starting off with lies right at the top, like every other tech startup.
EDIT: To also address the "we don't share your number or anything else about you with third parties" part, the privacy policy also outlines exactly how they will share your data with third parties:
Go fuck yourselves, noplace.
EDIT: Another issue I just found with their FAQs:
I thought it was weird that crypto would be a frequently-asked question for what appears to otherwise be a pretty generic-looking social network. Then I found that noplace's parent company, Islands XYZ, was originally launched to be an NFT platform of some sort, financially backed by our old friend Alexis Ohanian.
https://www.forbes.com/sites/alexkonrad/2021/11/30/web3-startup-islands-creators-nft-communities-launch/
So they're totally not a crypto thing. Definitely not crypto. 100% something other than crypto.
Guys, I swear they're not a crypto thing.
I work on web software professionally and this is a pretty minimal list that is completely justifiable for maintaining operations. If you can't answer basic questions like "what are users doing with the app?", you can't make intelligent decisions about how to improve it.
There's a lot of the same stuff here: https://legal.lemmy.world/privacy-policy/
I don't know anything about this app or company so I'm not going to defend them, but there aren't any real red flags here. If this amount of data collection bothers you, you really should stop using the internet in general.
Sorry, I kinda got lost in the sauce on my original comment, lol. My issue isn't so much with the data collection, itself. My problem is that their FAQs say things that appear to be outright lies. Not even just embellishing the truth or something, but complete falsehoods.
I don't care so much that they collect a bit of data. But if they're wiling to lie to a potential user about their data collection, I can't help but wonder what else they might be willing to be dishonest about. I already have doubts about their crypto claim in the FAQ based on their founder's history with NFTs, so I worry that this might also be something they're not being truthful about.
I think you’ve missed the point. It’s not the data they are collecting but the fact they say they don’t collect data.
It's pedantic, but you are not your computer. They don't collect (according to them) PII other than phone numbers.
Not sure I agree entirely. The actions I take are definitely data about me.
Also, in many jurisdictions data that could be combined (even in the future) with other data to identify you or something about you, is considered personal data.
For example, Device ID is AstridWipenaugh’s device and they use the app in the morning.
(I don't like this kind of data collection either fwiw, not trying to defend them or anything)
On Android at least, device id's are unique per app, and reset when you reset your phone to factory. In theory they can't use this data to cross-track you personally, since every service that uses a device id has a different one for the same user.
They can probably still build up a pretty accurate profile of you based on other data they collect though.
Yes, that’s exactly the point. Combining data is something that must be considered. (And in some jurisdictions like the EU you even need to consider if it could be combined in future with other data)
And just to piggyback on this comment, I'm an Android developer and we this information is critical for determining similarities for bug solving.
You would not believe how often there is a bug caused by a specific model of phone. That connection you can only know if you log that for every crash you get.
Yeah as someone who has worked in web development for over 20 years everything in here is completely standard. Almost every major website in existence collects this kind of analytical data.
...and that's a bad thing.
Like the comment I replied to already explained, this information is necessary to make informed development decisions. If you don't know who is using what feature you might be wasting resources on something barely anyone uses while neglecting something everyone needs.
You also need some of that data for security purposes. You can't implement rate limiting or prevent abuse if you can't log and track how your services are being interacted with.
And this is aggregate data. I can promise you not a single person cares about what any individual user is doing (assuming it's not illegal)
It should all be opt in. Aggregate data can be used to personally identify, and even when it's not, it has its own negative effects.
Then you introduce self-selection bias and the data is worthless.
You can't identify someone based on how they interact with a service. If you spend 5 minutes on one page and 2 minutes on another that could be anyone. Even if you for some reason personally knew someone's browsing habits it would be nearly impossible to pick them out in a sea of millions of data points.
I see you linked privacyguides.org in the thread as "alternatives", one of the services it recommends is Proton (Mail, Drive, etc.). Look at their privacy policy:
Or how about addy.io that privacyguides recommends for email forwarding? From their privacy policy:
ALL online services collect this kind of data. Even the privacy-focused ones. There is nothing nefarious about it.
"Analytics are anonymized whenever possible" is vastly more reassuring than "we use all this data".
I'd prefer we not surrender to mass surveillance. If we support alternatives, they remain viable.
https://www.privacyguides.org/en/
It sounds to me like the usage data is talking about the fact that every major web browser sends identifying information about the browser, device, etc. when you visit any site.
For an app, they're likely getting data from Google Play or the App Store for crashes, installs, comments, whether they like it or not.
People don't often accuse me of being an optimist.
Oh for sure, I don't doubt that. The issue that I take is that their FAQ - which I imagine is rarely actually read by users, but is definitely read more often than the ToS - is directly contradicted by their ToS. While they say they only collect one data point in the FAQ, the ToS outlines several other data points they collect. While they say they don't share your collected data with third parties, the ToS states that they may share your collected data with third parties for advertising purposes. The FAQ denies being connected to crypto schemes, despite their founder (Tiffany Zhong) and parent company being heavily involved in crypto.
While these are all standard practices for just about every web platform, it's the lies in the FAQs that should be concerning to users. If they would have just said exactly what they do with your data or what their background is in, or even just not included it in the FAQs at all, I wouldn't have any problem with it. But they're willing to openly lie to their users, and I don't think they should be trusted.
I was surprised they didn‘t include AI in the FAQ until I learned they‘re openly advertising the usage of AI for the service whatever that means. Common GenZ L to throw themselves at this.
They're saying they might ask to collect this additional information. A lot of the information, as others have pointed out, is also common and necessary for some basic operations of a service like this.
This is an overreaction, there are many good reasons not to like this app but misunderstanding their data policy isn't one
Gen Zs do. not. give. a. fuck.
Yeah, I thought about that halfway through looking through their ToS. I wish I was smart enough to figure out how to package this into a message Gen Z can actually understand and care about.
This app is cheugy af fam no cap fr fr on God if u download dis you stannin for the boujee this app high key has no drip big yikes if you on it u basic